# Changing the systemd config can be done like this:
# 1) Edit the config file: systemctl edit --full dfget-daemon
# 2) Restart the process: systemctl restart dfget-daemon
# All your changes can be reverted with `systemctl revert dfget-daemon.service`.
# See https://wiki.archlinux.org/index.php/Systemd#Editing_provided_units.

[Unit]
Description=Dragonfly dfget daemon
After=network.target

[Service]
Type=simple
ExecStartPre=-/bin/sh /opt/dragonfly/fix.dfget-daemon.cpuset.sh
ExecStart=/usr/bin/dfget daemon
ExecReload=/bin/kill -HUP $MAINPID
Restart=always
Slice=dragonfly.slice

#EnvironmentFile=/etc/dragonfly/env
User=root

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#NoNewPrivileges=
NoNewPrivileges=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateDevices=
PrivateDevices=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectControlGroups=
#ProtectControlGroups=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectHome=
ProtectHome=false

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelModules=
#ProtectKernelModules=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectKernelTunables=
#ProtectKernelTunables=true

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ProtectSystem=
#ProtectSystem=strict

# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#RestrictRealtime=
#RestrictRealtime=true

# Keep at least the /run folder writeable if dfget is configured to use a Unix socket.
# For example, the socket could be LISTEN_ADDR=/run/dfget/dfdaemon.sock
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#ReadWritePaths=
#ReadWritePaths=/run

# Allow dfget to bind to <1024 ports
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#AmbientCapabilities=
#AmbientCapabilities=CAP_NET_BIND_SERVICE

# Provide a private /tmp
# https://www.freedesktop.org/software/systemd/man/systemd.exec.html#PrivateTmp=
PrivateTmp=true

[Install]
WantedBy=multi-user.target
